By BeauHD from Slashdot's sly-as-a-fox department:According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time of convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies. Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.

By BeauHD from Slashdot's maximized-potential department:An anonymous reader quotes a report from Ars Technica: The silicon-based cells that make up a solar panel have a theoretical efficiency limit of 29 percent, but so far that number has proven elusive. Practical efficiency rates in the low-20-percent range have been considered very good for commercial solar panels. But researchers with Japanese chemical manufacturer Kaneka Corporation have built a solar cell with a photo conversion rate of 26.3 percent, breaking the previous record of 25.6 percent. Although it's just a 2.7 percent increase in efficiency, improvements in commercially viable solar cell technology are increasingly hard-won. Not only that, but the researchers noted in their paper that after they submitted their article to Nature Energy, they were able to further optimize their solar cell to achieve 26.6 percent efficiency. That result has been recognized by the National Renewable Energy Lab (NREL). In the Nature Energy paper, the researchers described building a 180.4 cm2 cell using high-quality thin-film heterojunction (HJ) -- that is, layering silicon within the cell to minimize band gaps where electron states can't exist. Controlling heterojunctions is a known technique among solar cell builders -- Panasonic uses it and will likely incorporate it into cells built for Tesla at the Solar City plant in Buffalo, and Kaneka has its own proprietary heterojunction techniques. For this record-breaking solar cell, the Kaneka researchers also placed low-resistance electrodes toward the rear of the cell, which maximized the number of photons that collected inside the cell from the front. And, as is common on many solar cells, they coated the front of the cell with a layer of amorphous silicon and an anti-reflective layer to protect the cell's components and collect photons more efficiently.

By BeauHD from Slashdot's irony-at-its-finest department:Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.

By BeauHD from Slashdot's controversial-digital-rights-management department:The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.

By BeauHD from Slashdot's one-and-done department:An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."

By BeauHD from Slashdot's time-is-ticking department:A hacker or group of hackers calling themselves the "Turkish Crime Family" claim they have access to at least 300 million iCloud accounts, and will delete the alleged cache of data if Apple pays a ransom by early next month. Motherboard is reporting that the hackers are demanding "$75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data." From the report: The hackers provided screenshots of alleged emails between the group and members of Apple's security team. One also gave Motherboard access to an email account allegedly used to communicate with Apple. "Are you willing to share a sample of the data set?" an unnamed member of Apple's security team wrote to the hackers a week ago, according to one of the emails stored in the account. (According to the email headers, the return-path of the email is to an address with the @apple.com domain). The hackers also uploaded a YouTube video of them allegedly logging into some of the stolen accounts. The hacker appears to access an elderly woman's iCloud account, which includes backed-up photos, and the ability to remotely wipe the device. Now, the hackers are threatening to reset a number of the iCloud accounts and remotely wipe victim's Apple devices on April 7, unless Apple pays the requested amount. According to one of the emails in the accessed account, the hackers claim to have access to over 300 million Apple email accounts, including those use @icloud and @me domains. However, the hackers appear to be inconsistent in their story; one of the hackers then claimed they had 559 million accounts in all. The hackers did not provide Motherboard with any of the supposedly stolen iCloud accounts to verify this claim, except those shown in the video.

By BeauHD from Slashdot's new-and-improved department:prisoninmate quotes a report from Softpedia: GNOME 3.24 just finished its six-month development cycle, and it's now the most advanced stable version of the modern and popular desktop environment used by default in numerous GNU/Linux distributions. It was developed since October 2016 under the GNOME 3.23.x umbrella, during which it received numerous improvements. Prominent new features of the GNOME 3.24 desktop environment include a Night Light functionality that promises to automatically shift the colors of your display to the warmer end of the spectrum after sunset, and a brand-new GNOME Control Center with redesigned Users, Keyboard and Mouse, Online Accounts, Bluetooth, and Printer panels. As for the GNOME apps, we can mention that the Nautilus file manager now lets users browse files as root (system administrator), GNOME Photos imitates Darktable's exposure and blacks adjustment tool, GNOME Music comes with ownCloud integration and lets you edit tags, and GNOME Calendar finally brings the Week view. New apps like GNOME Recipes are also part of this release. The full release notes can be viewed here. Softpedia notes in conclusion: "As mentioned before, it will take at least a couple of weeks for the new GNOME 3.24 packages to land on the stable repositories of your favorite distro, which means that you'll most probably be able to upgrade from GNOME 3.22 when the first point release, GNOME 3.24.1, is out on April 12, 2017."

By BeauHD from Slashdot's serious-labor-action department:An anonymous reader quotes a report from Fortune: Approximately 17,000 workers in AT&T's traditional wired telephone business in California and Nevada walked out on strike on Wednesday, marking the most serious labor action against the carrier in years. The walkout -- formally known as a grievance strike -- occurred after AT&T changed the work assignments of some of the technicians and call center employees in the group, the Communications Workers of America union said. The union would not say how long the strike might last. A contract covering the group expired last year and there has been little progress in negotiations over sticking points like the outsourcing of call center jobs overseas, stagnant pay, and rising health care costs. The union said it planned to file an unfair labor charge with the National Labor Relations Board over the work assignment changes. "A walkout is not in anybody's best interest and it's unfortunate that the union chose to do that," an AT&T spokesman told Fortune. "We're engaged in discussion with the union to get these employees back to work as soon as possible."

By msmash from Slashdot's a-piece-of-foam department:While Nintendo remains silent on the issue of some left Joy-Con controllers becoming desynced from the Switch console, it appears it has a solution for those affected. No, it's not avoidance of aquariums or all other wireless devices; instead, it's apparently as simple as a foam sticker placed in the right spot. From a report: Early reviews and, later, actual retail units of the Nintendo Switch highlighted an apparent hardware flaw in the design of the left Joy-Con controller. In certain scenarios -- like when played some distance from the console using the Joy-Con Grip -- some left Joy-Cons could lose sync and players would find themselves unable to accurately control what's happening on the screen. While a day one console update fixed this issue for some, it's remained for others and Nintendo has done little to assuage would-be consumers that it's solved the issue for good. But, a Joy-Con sent in for repair by CNET's Sean Hollister was returned with one small enhancement a week later and -- lo and behold -- it works. That enhancement: A small piece of conductive foam.

By msmash from Slashdot's this-is-the-future department:A start-up has unveiled ambitious plans to offer an electric-powered commercial flight between London and Paris in the next ten years. From a report: Wright Electric believes the proposed low-emission electric plane would offer a cheaper alternative to jet fuel for airlines and consumers. However, the start-up's bid to revolutionize short-haul flights relies on the continued advancement of battery technology. The company, who pitched to investors this week, would be forced to switch to a hybrid of aviation fuel and electricity if the advances in battery technology fail to materialise.

By msmash from Slashdot's security-woes department:Ebay has started to inform customers who use a hardware key fob when logging into the site to switch to receiving a one-time code sent via text message. The move from the company, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is "a downgrade to a less-secure option," say security reporter Brian Kerbs. He writes: In early 2007, PayPal (then part of the same company as Ebay) began offering its hardware token for a one-time $5 fee, and at the time the company was among very few that were pushing this second-factor (something you have) in addition to passwords for user authentication. I've still got the same hardware token I ordered when writing about that offering, and it's been working well for the past decade. Now, Ebay is asking me to switch from the key fob to text messages, the latter being a form of authentication that security experts say is less secure than other forms of two-factor authentication (2FA). The move by Ebay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication.

By msmash from Slashdot's shape-of-things-to-come department:From a report on BBC: In the atmosphere, the seas and around the poles, climate change is reaching disturbing new levels across the Earth. That's according to a detailed global analysis from the World Meteorological Organization (WMO). It says that 2016 was not only the warmest year on record, but it saw atmospheric CO2 rise to a new high, while Arctic sea ice recorded a new winter low. The "extreme and unusual" conditions have continued in 2017, it says. Reports earlier this year from major scientific bodies - including the UK's Met Office, Nasa and NOAA -- indicated that 2016 was the warmest year on record. The WMO's State of the Global Climate 2016 report builds on this research with information from 80 national weather services to provide a deeper and more complete picture of the year's climate data.

By msmash from Slashdot's bottom-line department:From a report on CNBC: Despite legacy media's anxieties about cord-cutting, data suggest that the phenomenon isn't nearly as significant as cable providers make it out to be. In its 11th annual "Digital Democracy Survey," Deloitte found that the percentage of American households that subscribe to paid television services has remained relatively stable since 2012, even as adoption of streaming services has accelerated. In its survey of 2,131 consumers, Deloitte said two-thirds of respondents reported they have kept their TV subscriptions because they're bundled with their internet plan. Kevin Westcott, vice chairman and U.S. media and entertainment leader at Deloitte, told CNBC that bundling seems to be a huge deterrent for cord cutting.

By msmash from Slashdot's shape-of-things-to-come department:An anonymous reader shares a report: Chrome engineers are planning to remove two options from Chrome that allow users to quickly close a large number of tabs with just a few clicks. The options, named "Close other tabs" and "Close tabs to the right" reside in the menu that appears when a user right-clicks on a Chrome tab. According to an issue on the Chromium project spotted yesterday by a Reddit user, Google engineers planned to remove to menu options for many years even before opening the Chromium issue, dated itself to July 31, 2015. After several years of inactivity and no decision, things started to move again in September 2016, when usage statistics confirmed that Chrome users rarely used the two options they initially wanted to remove. Seeing no new discussions past this point, Chromium engineers assigned the issue in February, meaning engineers are getting ready to remove the two menu options it in future Chromium builds.

By msmash from Slashdot's about-time department:Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!

By msmash from Slashdot's dark-matter-of-things department:Several Slashdot readers have shared an article by programmer Nicholas Chapman, who talks about a class of bugs that he calls "performance bugs". From the article: A performance bug is when the code computes the correct result, but runs slower than it should due to a programming mistake. The nefarious thing about performance bugs is that the user may never know they are there -- the program appears to work correctly, carrying out the correct operations, showing the right thing on the screen or printing the right text. It just does it a bit more slowly than it should have. It takes an experienced programmer, with a reasonably accurate mental model of the problem and the correct solution, to know how fast the operation should have been performed, and hence if the program is running slower than it should be. I started documenting a few of the performance bugs I came across a few months ago, for example (on some platforms) the insert method of std::map is roughly 7 times slower than it should be, std::map::count() is about twice as slow as it should be, std::map::find() is 15% slower than it should be, aligned malloc is a lot slower than it should be in VS2015.

By msmash from Slashdot's i-demand-proof department:Science doesn't have all the answers. There are plenty of things it may never prove, like whether there's a God. Or whether we're living in a computer simulation, something proposed by Swedish philosopher Nick Bostrom. From an article on Gizmodo: This kind of thinking made at least one person angry, theoretical physicist and science writer Sabine Hossenfelder from the Frankfurt Institute for Advanced Studies in Germany. Last week, she took to her blog Backreactions to vent. It's not the statement "we're living in a simulation" that upsets Hossenfelder. It's the fact that philosophers are making assertions that, if true, should most certainly manifest themselves in our laws of physics. "I'm not saying it's impossible," Hossenfelder told Gizmodo. "But I want to see some backup for this claim." Backup to prove such a claim would require a lot of work and a lot of math, enough to solve some of the most complex problems in theoretical physics.

By msmash from Slashdot's thing-we-need-to-fix department:An anonymous reader shares an EFF article: Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation. When you buy something physical -- a toaster, a book, or a printer, for example -- you expect to be free to use it as you see fit: to adapt it to suit your needs, fix it when it breaks, re-use it, lend it, sell it, or give it away when you're done with it. Your freedom to do those things is a necessary aspect of your ownership of those objects. If you can't do them, because the seller or manufacturer has imposed restrictions or limitations on your use of the product, then you don't really own them. Traditionally, the law safeguards these freedoms by discouraging sellers from imposing certain conditions or restrictions on the sale of goods and property, and limiting the circumstances in which those restrictions may be imposed by contract. But some companies are relentless in their quest to circumvent and undermine these protections. They want to control what end users of their products can do with the stuff they ostensibly own, by attaching restrictions and conditions on purchasers, locking down their products, and locking you (along with competitors and researchers) out. If they can do that through patent law, rather than ordinary contract, it would mean they could evade legal limits on contracts, and that any one using a product in violation of those restrictions (whether a consumer or competitor) could face harsh penalties for patent infringement.

By msmash from Slashdot's fixing-things department:Amazon.com is expanding a program to remove counterfeit goods from its website this spring as part of a broader push to assure brand owners that the online retailer is an ally rather than a threat. From a report: As early as next month, any brand can register its logo and intellectual property with Amazon so the e-commerce company can take down listings and potentially seller accounts when counterfeits are flagged, Peter Faricy, vice president of Amazon Marketplace, said in an interview on Monday. The so-called brand registry, which had been in a test phase, will be widely available for free in North America, Faricy said ahead of his presentation at the Shoptalk commerce conference in Las Vegas.

By BeauHD from Slashdot's things-we-need-more-of department:An anonymous reader quotes a report from Digital Journal: Reddit has announced it has begun trialling a radical new profile page design that's reminiscent of Facebook and Twitter. It will evolve the discussion board site towards being a social network by enabling users to post directly to their new profile page. At present, posts on Reddit have to be directed into a specific sub-Reddit community. You can't simply write a post and have it appear across the network which can make it difficult to get your voice heard. Unless you've got some reputation in a relevant sub-Reddit, your posts may end up going unnoticed. That could soon change. Last night, Reddit announced it's working on a drastic revision of its user profile page experience. The site has commenced testing of an early version of the design. According to a report from Reuters, just three "high-profile" users currently have access to the feature. When the new pages are eventually opened up to all, they'll showcase the user's profile picture and description. Below the header, posts from the user will be publicly displayed. The user will be able to add new posts to their page, without submitting to a sub-Reddit. Users will be able to follow each other to stay informed of new posts, effectively creating a social network atmosphere above the discussion boards.